Users prompted for biometrics MFA after they already declined biometrics for login

Problem statement

Our ideal use case is to have it so the user can log in with Identifier+WebAuthn, or Identifier+Password+MFA (that does not involve WebAuthn since they’ve already been offered that at that point). The problem is that disabling WebAuthn as an MFA factor also disables the Identifier First+Biometrics functionality that we would like to keep. Is there a way around this?

Solution

This behavior is by design at the moment. If a user declines the biometrics login prompt and opts to log in with their password, we still prompt them for biometrics MFA, even though they’ve just indicated they don’t want to use it for login.

If you would like to see this functionality more configurable in a future release of Auth0, we encourage you to submit a feature request using this feedback form. That is a direct line to our Product team and the best way to communicate your needs.